Terms of Use and Privacy Policy

Last updated: February 24, 2026

1. Data Controller

The platform "The Invitations" (available at theinvitations.wedding) is an online service for managing wedding invitations. For questions about your personal data or these terms, contact us at: privacy@theinvitations.wedding.

2. What Data We Collect

When registering and using the platform, we collect the following personal data:

Account: email address, password (stored only in hashed/encrypted form)
Wedding: couple's names, chosen subdomain, wedding date and venue
Plan and payment: chosen subscription plan, payment details (processed by a certified payment provider)
Guests (added by the admin): name, unique invitation token, RSVP status, plus-one information (+1), and personal message
Technical data: IP address and security logs (to prevent abuse)

3. Purpose and Legal Basis for Processing

Purpose	Legal Basis
Providing the service	Performance of contract (Art. 6(1)(b) GDPR)
Processing payments	Performance of contract (Art. 6(1)(b) GDPR)
Account administrative emails	Performance of contract (Art. 6(1)(b) GDPR)
Security and abuse prevention	Legitimate interest (Art. 6(1)(f) GDPR)
Marketing communications	Consent (Art. 6(1)(a) GDPR) — only with explicit opt-in

4. Payments

Payments are processed through a certified payment service provider. We do not store payment card data on our servers. All transactions are secured with TLS encryption and comply with the PCI DSS standard.

Plan prices (Bronze, Silver, Gold) are one-time payments for a single wedding site. The platform administrator confirms payment manually.

5. Guest Data — Admin Responsibility

As a wedding administrator, you add personal data of guests (names, usernames). You bear the responsibility to have a legal basis for processing this data — for example, having informed guests that you will use this platform to manage invitations.

We process guest data only on your instructions (as a data processor) and do not use it for our own purposes.

6. Data Retention

Your data is stored for the duration of your active account. Upon account deletion or subscription expiry, data is removed within 30 days, unless a legal obligation requires longer retention (e.g. accounting records — up to 5 years).

7. Your GDPR Rights

If you are a resident of the EU/EEA, you have the following rights regarding your personal data:

Access: to receive a copy of the data we store about you
Rectification: to correct inaccurate or incomplete data
Erasure ("right to be forgotten"): to request deletion of your personal data
Portability: to receive your data in a machine-readable format
Restriction: to limit processing under certain circumstances
Objection: to oppose processing based on legitimate interest
Withdrawal of consent: at any time, without affecting the lawfulness of prior processing

To exercise your rights, send an email to privacy@theinvitations.wedding. We will respond within 30 days. You also have the right to lodge a complaint with the Commission for Personal Data Protection (CPDP) at www.cpdp.bg.

8. Cookies

The platform uses only strictly necessary functional cookies to maintain your session after login. We do not use marketing, advertising, or analytics cookies and do not share data with advertising platforms.

9. Data Security

We apply technical and organisational measures to protect your personal data: encrypted (bcrypt) password storage, TLS for data in transit, restricted access to production databases, and regular security reviews. In the event of a data breach, we will notify you within the legally required timeframes.

10. Changes to Terms

For material changes to these terms, we will notify you by email at least 14 days in advance. Continued use of the service after the changes take effect constitutes acceptance. The date of last update is shown at the top of this page.

11. Contact

For questions about privacy, your rights, or these terms: privacy@theinvitations.wedding